* Server bans (+b $s:mask) -- extb_server.so
* SSL bans (+b $z) -- extb_ssl.so
* HURT system -- hurt.so
- * Host mangling (umode +h) -- ip_cloaking.so
+ * New host mangling (umode +x) -- ip_cloaking_4.0.so
+ * Old host mangling (umode +h) -- ip_cloaking.so
* Find channel forwards -- m_findforwards.so
* /identify support -- m_identify.so
* Opers cannot be invisible (umode +i) -- no_oper_invis.so
#loadmodule "extensions/extb_server.so";
#loadmodule "extensions/extb_ssl.so";
#loadmodule "extensions/hurt.so";
+#loadmodule "extensions/ip_cloaking_4.0.so";
#loadmodule "extensions/ip_cloaking.so";
#loadmodule "extensions/m_findforwards.so";
#loadmodule "extensions/m_identify.so";
/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
ssl_dh_params = "etc/dh.pem";
- /* ssld_count: number of ssld processes you want to start, if you have a really busy
- * server, using N-1 where N is the number of cpu/cpu cores you have might be useful
+ /* ssld_count: number of ssld processes you want to start, if you
+ * have a really busy server, using N-1 where N is the number of
+ * cpu/cpu cores you have might be useful. A number greater than one
+ * can also be useful in case of bugs in ssld and because ssld needs
+ * two file descriptors per SSL connection.
*/
ssld_count = 1;
*/
number_per_ip_global = 5;
- /* cidr_bitlen: Limits numbers of connections from a subnet size
+ /* cidr_ipv4_bitlen: Limits numbers of connections from a subnet size
+ */
+ cidr_ipv4_bitlen = 24;
+
+ /* cidr_ipv6_bitlen: Limits numbers of connections from a subnet size
* the following example makes the subnet /64 this is useful
* for IPv6 connections in particular
- * Also note that the way charybdis is written if you have
- * compiled support for IPv6, IPv4 cidr bitlens need to be modified
- * Basically to get the approriate length add 96 to the IPv4 length
- * For example for a /24 do 96+24 = 120
- *
*/
- cidr_bitlen = 64;
+ cidr_ipv6_bitlen = 64;
/* number_per_cidr: Number of connections to allow from a subnet of the
- * size given in cidr_bitlen. 4 seems to be a good default to me.
+ * size given in cidr_ipv4_bitlen/cidr_ipv6_bitlen.
+ * 4 seems to be a good default to me.
*/
number_per_cidr = 4;
privset "server_bot" {
/* extends: a privset to inherit in this privset */
extends = "local_op";
- privs = oper:global_kill, oper:kline, oper:remoteban, snomask:nick_changes;
+ privs = oper:kline, oper:remoteban, snomask:nick_changes;
};
privset "global_op" {
*/
#rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
+ /* fingerprint: if specified, the oper's client certificate
+ * fingerprint will be checked against the specified fingerprint
+ * below.
+ */
+ #fingerprint = "c77106576abf7f9f90cca0f63874a60f2e40a64b";
+
/* umodes: the specific umodes this oper gets when they oper.
* If this is specified an oper will not be given oper_umodes
* These are described above oper_only_umodes in general {};
* ratbox-services does.
*/
kick_on_split_riding = no;
+
+ /* only ascii channels: disable local users joining channels
+ * containing characters outside the range 33-126 (non-printable
+ * or non-ASCII).
+ */
+ only_ascii_channels = no;
+
+ /* resv_forcepart: force any local users to part a channel
+ * when a RESV is issued.
+ */
+ resv_forcepart = yes;
};
/* These are the blacklist settings.
* You can have multiple combinations of host and rejection reasons.
- * They are used in pairs of one host/rejection reason, or multiple hosts/rejection reason.
+ * They are used in pairs of one host/rejection reason.
*
* These settings should be adequate for most networks, and are (presently)
* required for use on AthemeNet.
/* default umodes: umodes to set upon connection
* If you have enabled the ip_cloaking extension, and you wish for
- * incoming clients to be set +h upon connection, add +h to the umode
+ * incoming clients to be set +h or +x upon connection, add +h or +x to the umode
* string below.
*/
default_umodes = "+i";
*/
warn_no_nline = yes;
+ /* use propagated bans: KLINE, XLINE and RESV set fully propagated bans.
+ * That means the bans are part of the netburst and restarted/split
+ * servers will get them, but they will not apply to 3.2 and older
+ * servers at all.
+ */
+ use_propagated_bans = yes;
+
/* stats e disabled: disable stats e. useful if server ips are
* exempted and you dont want them listing on irc.
*/
*/
connect_timeout = 30 seconds;
+ /* ident timeout: Amount of time (in seconds) that the IRCd will
+ * wait for a user to respond to an ident request.
+ */
+ default_ident_timeout = 5;
+
/* disable auth: disables identd checking */
disable_auth = no;